Pokemon Go Has Full Access to Your Google Account, Here's How to Fix It

Highlights

A massive security risk has been discovered in Pokemon Go

The game can view your emails and private photos.

This seems to impact mainly iOS users.

While Pokemon Go might just be available in three countries for now, that hasn't stopped fans the world over from obtaining the game for Android via sideloading or iOS by creating and using an iTunes account for Australia, New Zealand, or the US. It seems that those playing Pokemon Go have been subject to a glaring security violation. The game has full access to your Google account. Well, at least on iOS.

We've checked this with the Google account used on our iPhone 5S and yes, Pokemon Go did grant itself complete access to our account. This was not the case with our Android build of the game, although at the time of posting this, just one user has reported that it does impact the Android version as well. Reeves believes that on "Android it's using client permissions to get data, whilst on iOS it's using the Google account."

Nonetheless, if you're not keen on letting Niantic have complete access to your account, deleting the game isn't enough. Here's what you need to do to fix this:

Right now, Niantic and The Pokemon Company have maintained silence on this. Keep in mind that if you ever decide to risk playing Pokemon Go again, you'll need to grant it access to a Google account. The game does have an option to let you sign in using a Pokemon.com account but since the game's launch the sign up section of the site has been unavailable. Hopefully this corrects itself in days to come what with Niantic and The Pokemon Company planning a global launch for the game soon enough.

Update, July 12, 2016: Niantic has issued the following statement:

"We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user's Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected.

Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO's permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves."